What’s the best way to get buy-in to SOAR from executive leadership?

501 views1 Upvote4 Comments

VP, Chief Security & Compliance Officer in Software, 1,001 - 5,000 employees
I think that we have to change the paradigm where I don’t have to coerce somebody to allow me to have the right to at least a temporary block while the decision-maker gets to the table to see the criticality of a threat. We have to bring that conversation forward.

So, I wonder if it's time for us to start, together as professionals, crafting the argument that we take to the boards, which is this is a ticket to entry. Look at it from the transference of risk and what's happening across the industries. I don't think supply chain attacks are going to go away. I think we're going to see an increase in these things. I don't think the powers that be and the leaders that are responsible for enterprise risk and the reduction of that risk, really understand the compounding issues that are occurring as we continue to adopt more fluid digital capabilities. I think we can actually craft an argument that allows us for the first time to start taking lead in these defense design and defense conversations.
Deputy CISO, 10,001+ employees
If I go to the board or a higher level authority, and I force cooperation from a peer group, that is going to sour that relationship going forward. And it's going to make everything we have to do bad, difficult and hard. And I have to avoid that. That just makes our job miserably tough. 

I’ve been taking a new strategic approach. Everybody likes it when they get something for free, so what I've done is, and I get mixed success, I make deals with the devil. Security compared to other IT groups, our budget gets cut last. Our budget may not be as large as IT operations, but when it comes time to make cuts, we get cut last. So, when I say, "Hey, look, I need to invest in SOAR. It's what I need to do to make my job better. And I need to work with your network to make your job better,” I also say I'm going to pay for it. I'm going to foot the bill. I'll let you own it. It's yours, but here are the things I needed to do.

At IPG, security speaks to the board twice a year. Some groups speak to the board only every other year. So we have a voice. My approach is to ask, “What can I do to help you out? To make your problems go away? How can I help with our influence, our ability?” And that gets us some traction. Not the best traction, and then if the board says, "You will cooperate." It kind of gets us there. You gotta walk that line.
2 1 Reply
Director of IT in Healthcare and Biotech, 1,001 - 5,000 employees

When talking about going to the board if you are going to the board two times a year, and you've got that voice, I think another excellent opportunity is network teams don't ever have all the budgets they want, and infrastructure teams are always screaming. Who's going to complain about, "Hey, can I help you get a switch or refresh? But here's what I need out of that.” So, I think they care and they stick a little bit with that, but I think at least our network team is absolutely thrilled if we want to go help them chase money.

Deputy CSO in Services (non-Government), 1,001 - 5,000 employees
A SOAR type solution may be table stakes. Not only do we have to look at the board and say, "Hey, look, if we're going to play in a business, we need this." But we also need to come together, industry, and us as professionals, and create some standards around it.

When you buy SOAR, you're going to have to probably buy 2-3x more in professional services just to help integrate with the API's and everything else you need. If the industry gets together and says in a secure manner, “this is the standards we will use for the API's, and for communicating out, for ingesting data in, telemetry in and so on from the SIMS or whatever,” that would make the table stakes a whole lot easier for the corporations. So, as a professional community or a security community, we could definitely start bringing that together. But the vendors have to come to the table with us.

Content you might like

CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
40.7k views131 Upvotes319 Comments

Very confident9%

Somewhat confident70%

Somewhat unconfident19%

Not at all confident2%

Other (explain in the comments)0%



Insider threats – rogue admins19%

Encrypting my data50%

Deleting my backup copies11%

Resident malware8%

Data theft – data exfiltration11%



1.6k views1 Comment

Founder, Self-employed
Work travel is a privilege. Embracing your experience to meet new people, and see the beauty of nature and culture wherever you go.
Read More Comments
66.8k views69 Upvotes39 Comments